Prism proxy returns 401 when the actual response from the server is 403 #2527

Open
asos-ankuranurag opened this issue May 2, 2024 · 3 comments


asos-ankuranurag commented May 2, 2024

Context

I am using Prism proxy for contract testing and I have an OpenAPI spec with the following definition of the security scheme (snippet).

openapi: 3.0.1
paths:
  /finance/<path>/v1/resource/{id}/name:
    get:
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: "Authentication and Authorization is achieved using access tokens"
      bearerFormat: JWT

Current Behavior

When we send an unauthorised token we get 403 from our server (which is correct). However, Prism seems to convert the status code to 401 with the error "Violation: request Invalid security scheme used".

Note: The token is valid; it is just not authorised to access the resource not belonging to the user.

Expected Behavior

Should it not just return the 403 error instead? The actual status code from the server. The token was valid. The specification file has a definition for the 403 response code.

Possible Workaround/Solution

Steps to Reproduce

Environment

  • Version used: 5.8.1
  • Environment name and version (e.g. Chrome 39, node.js 5.4):
  • Operating System and version (desktop or mobile): Windows 11
  • Link to your environment/workspace/project:
@brendarearden
Contributor

@asos-ankuranurag please provide an example OAS document that includes the responses, along with the prism proxy command you used.

@asos-ankuranurag
Author

asos-ankuranurag commented May 3, 2024

Hi Brenda Rearden,

Thanks for replying. Please find attached the OpenAPI specification file.

The command used was:
prism proxy -v debug
specs.zip


This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-535) has been created.
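
As an added example (not part of the issue thread and not Prism's code), the following JavaScript shows the 401/403 distinction the report relies on for an HTTP bearer scheme, plus a contract-test check that flags an intermediary changing the upstream status. The token table, ownership table, and function names are constructed for illustration.

```javascript
// Added illustration; not Prism's implementation. All names and data are constructed.

// Constructed token store (token -> subject); stands in for real JWT validation.
const TOKENS = new Map([["tok-alice", "alice"], ["tok-bob", "bob"]]);
// Constructed ownership table (resource id -> owning subject).
const OWNERS = new Map([["42", "alice"]]);

// Status an upstream returns for GET .../resource/{id}/name behind bearerAuth:
// 401 = credentials missing or not valid, 403 = credentials valid but access refused.
function upstreamStatus(headers, resourceId) {
  const auth = headers["authorization"] || "";
  // "Bearer" followed by a token68 value (RFC 6750 credential syntax).
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(auth);
  if (!m) return { status: 401, reason: "missing or non-bearer credentials" };
  const subject = TOKENS.get(m[1]);
  if (!subject) return { status: 401, reason: "token not recognised" };
  if (OWNERS.get(resourceId) !== subject) {
    return { status: 403, reason: "authenticated but not permitted" };
  }
  return { status: 200, reason: "ok" };
}

// Contract-test check: compare the status the upstream sent with the status the
// client received through the proxy, and describe any rewrite.
function checkPassthrough(upstream, proxied) {
  if (upstream === proxied) return { ok: true, finding: null };
  const finding =
    upstream === 403 && proxied === 401
      ? "authorisation failure reported as authentication failure"
      : `status rewritten from ${upstream} to ${proxied}`;
  return { ok: false, finding };
}

// Scenario from the report: a valid token for a user who does not own the resource.
const upstream = upstreamStatus({ authorization: "Bearer tok-bob" }, "42");
const observedThroughProxy = 401; // status the reporter describes receiving
console.log(upstream, checkPassthrough(upstream.status, observedThroughProxy));
```

A 403 surfaced as 401 matters to clients and monitoring because 401 signals that the credentials themselves need replacing, while 403 signals an access-control decision on a valid identity.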
